Commits · e22e770147724b55274e58cbacc15f3c8d90a157 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

Apr 23, 2012
- prepare for next version · e22e7701
  Dr. Stephen Henson authored Apr 23, 2012
  
  e22e7701
- update STATUS · e0c02033
  Dr. Stephen Henson authored Apr 23, 2012
  
  OpenSSL_0_9_8w
  
  e0c02033
- correct STATUS · e1eec61e
  Dr. Stephen Henson authored Apr 23, 2012
  
  e1eec61e
- correct NEWS · 296fa128
  Dr. Stephen Henson authored Apr 23, 2012
  
  296fa128
- prepare form 0.9.8w release · 6dde222a
  Dr. Stephen Henson authored Apr 23, 2012
  
  6dde222a
- update NEWS · 391ac370
  Dr. Stephen Henson authored Apr 23, 2012
  
  391ac370
- The fix for CVE-2012-2110 did not take into account that the · 8d038a08
  Dr. Stephen Henson authored Apr 23, 2012
```
'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
int in OpenSSL 0.9.8, making it still vulnerable. Fix by
rejecting negative len parameter.

Thanks to the many people who reported this bug and to Tomas Hoger
<thoger@redhat.com> for supplying the fix.
```
  8d038a08
Apr 22, 2012
- correct error code · 747c6ffd
  Dr. Stephen Henson authored Apr 22, 2012
  
  747c6ffd
- correct old FAQ answers, sync with HEAD · d4cddc54
  Dr. Stephen Henson authored Apr 22, 2012
  
  d4cddc54
Apr 19, 2012
- prepare for next version · eb7112c1
  Dr. Stephen Henson authored Apr 19, 2012
  
  eb7112c1
- update FAQ · fef9e079
  Dr. Stephen Henson authored Apr 19, 2012
  
  OpenSSL_0_9_8v
  
  fef9e079
- prepare for 0.9.8v release · 8ab27e6e
  Dr. Stephen Henson authored Apr 19, 2012
  
  8ab27e6e
- update NEWS · 64150555
  Dr. Stephen Henson authored Apr 19, 2012
  
  64150555
- Check for potentially exploitable overflows in asn1_d2i_read_bio · 556e27b1
  Dr. Stephen Henson authored Apr 19, 2012
```
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
in CRYPTO_realloc_clean.

Thanks to Tavis Ormandy, Google Security Team, for discovering this
issue and to Adam Langley <agl@chromium.org> for fixing it. (CVE-2012-2110)
```
  556e27b1
Apr 15, 2012
- use /fixed argument when linking FIPS targets to disable address space layout randomization · af0c009d
  Dr. Stephen Henson authored Apr 15, 2012
  
  af0c009d
Mar 31, 2012

Dr. Stephen Henson authored Mar 31, 2012

Submitted by: John Fitzgibbon <john_fitzgibbon@yahoo.com>

Time is always encoded as 4 bytes, not sizeof(Time).

0b1cf4a1

Mar 18, 2012
- Always use SSLv23_{client,server}_method in s_client.c and s_server.c, · a9101cdc
  Dr. Stephen Henson authored Mar 18, 2012
```
the old code came from SSLeay days before TLS was even supported.
```
  a9101cdc
Mar 12, 2012
- prepare for next version · e351e2a7
  Dr. Stephen Henson authored Mar 12, 2012
  
  e351e2a7
- corrected fix to PR#2711 and also cover mime_param_cmp · 21527624
  Dr. Stephen Henson authored Mar 12, 2012
  
  OpenSSL_0_9_8u
  
  21527624
- correct FAQ · ddb78328
  Dr. Stephen Henson authored Mar 12, 2012
  
  ddb78328
- prepare for release · 2fad41d1
  Dr. Stephen Henson authored Mar 12, 2012
  
  2fad41d1
- update NEWS · b9c3d916
  Dr. Stephen Henson authored Mar 12, 2012
  
  b9c3d916
- Fix for CMS/PKCS7 MMA. If RSA decryption fails use a random key and · 4f2fc3c2
  Dr. Stephen Henson authored Mar 12, 2012
```
continue with symmetric decryption process to avoid leaking timing
information to an attacker.

Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
this issue. (CVE-2012-0884)
```
  4f2fc3c2
- fix error code · 48819f4d
  Dr. Stephen Henson authored Mar 12, 2012
  
  48819f4d
- manually patch missing part of PR#2756 · b0cbdd3e
  Dr. Stephen Henson authored Mar 12, 2012
  
  b0cbdd3e
Mar 09, 2012

PR: 2756 · 50161075

Dr. Stephen Henson authored Mar 09, 2012

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix DTLS timeout handling.

50161075

Mar 08, 2012
- check return value of BIO_write in PKCS7_decrypt · 25d5d15f
  Dr. Stephen Henson authored Mar 08, 2012
  
  25d5d15f
Mar 07, 2012

PR: 2755 · 725713f7

Dr. Stephen Henson authored Mar 07, 2012

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions. [0.9.8 version of patch]

725713f7

Mar 06, 2012
- return failure code if I/O error · 73eb0972
  Dr. Stephen Henson authored Mar 06, 2012
  
  73eb0972
- revert PR#2755: it breaks compilation · 6720779c
  Dr. Stephen Henson authored Mar 06, 2012
  
  6720779c
- PR: 2755 · b2a2c6af
  Dr. Stephen Henson authored Mar 06, 2012
```
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Reduce MTU after failed transmissions.
```
  b2a2c6af
- PR: 2696 Submitted by: Rob Austein <sra@hactrn.net> · 272993ba
  Dr. Stephen Henson authored Mar 06, 2012
```
Fix inverted range problem in RFC3779 code.

Thanks to Andrew Chi for generating test cases for this bug.

[from HEAD]
```
  272993ba
- oops, revert unrelated patches · 58532ae0
  Dr. Stephen Henson authored Mar 06, 2012
  
  58532ae0
- PR: 2748 · 4e7f6d38
  Dr. Stephen Henson authored Mar 06, 2012
```
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>

Fix possible DTLS timer deadlock.
```
  4e7f6d38
Feb 28, 2012
- Fix memory leak cause by race condition when creating public keys. · f0be325f
  Dr. Stephen Henson authored Feb 28, 2012
```
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
```
  f0be325f
Feb 27, 2012
- free headers after use in error message · b66af23a
  Dr. Stephen Henson authored Feb 27, 2012
  
  b66af23a
- Detect symmetric crypto errors in PKCS7_decrypt. · 29d0c13e
  Dr. Stephen Henson authored Feb 27, 2012
```
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for reporting this bug.
```
  29d0c13e
Feb 23, 2012

PR: 2711 · 8a4e81a2

Dr. Stephen Henson authored Feb 23, 2012

Submitted by: Tomas Mraz <tmraz@redhat.com>

Tolerate bad MIME headers in parser.

8a4e81a2

Feb 16, 2012
- Fix bug in CVE-2011-4619: check we have really received a client hello · 843fc7b6
  Dr. Stephen Henson authored Feb 16, 2012
```
before rejecting multiple SGC restarts.
```
  843fc7b6
Feb 11, 2012

PR: 2703 · 6dcb6bf1

Dr. Stephen Henson authored Feb 11, 2012

Submitted by: Alexey Melnikov <alexey.melnikov@isode.com>

Fix some memory and resource leaks in CAPI ENGINE.

6dcb6bf1